How Much Did The Target, Home Depot Breaches Really Cost?

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.pymnts.com/news/2015/target-home-depot-reveal-full-breach-costs/#.VO9jcPnF-So

2014 was the year of breaches for Target and Home Depot.

Target’s breach costs, of course, were the result of a spillover from the
attack that hit during the company’s 2013 fourth quarter. And the year of
breaches only got worse when Home Depot got hit in September. Now, both
companies have provided full-picture outlooks of just how much the breaches
impacted the retailers as they reported on their Q4 earnings this week.

Home Depot reported Tuesday (Feb. 24) and reported that the net expenses of
the data breach cost the company roughly $33 million. Home Depot CFO Carol
Tomé shared briefly in the call with analysts about how the breach costs
break down.

“In the fourth quarter, our gross data breach expenses were approximately
$20 million. After estimating our insurance recovery, we recorded
approximately $5 million of net data breach related expenses in the
quarter. For the year, our gross data breach expenses were approximately
$63 million, and after expected insurance recovery our net data breach
expenses were approximately $33 million,” she said, later noting that the
2015 guidance for the company did not include any “expenses that we may
incur in the future for data breach-related claims.”

As for Target, the company reported yesterday (Feb. 25) that the total
breach expenses incurred from its massive data breach amounted to $162
million (2013 and 2014 figures combined). For Target’s fourth quarter, it
incurred $4 million worth of breach-related expenses. Full-year net breach
expenses were $145 million ($191 million offset by $46 million insurance
receivable). As for fourth quarter in 2013, Target’s breach expenses hit
$17 million ($61 million offset by $44 million insurance receivable).

“A year ago, we were in the recovery mode, working to repair guest
relationships following the data breach while we undertook an assessment of
the long-term prospects for our Canadian business,” Target CEO Brian
Cornell said in the call with analysts. “Fast forward to today and we’ve
ended the year with the data breached fully behind us and that we’ve made
tough decision to execute the Canadian business.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!